Mitigating BYOD information security risks

Abstract

BYOD is a trend in organizations to allow employees, contractors and suppliers to use their personal devices in the workplace. Users can access electronic organizational resources from their tablets, smartphones, laptops, etc. The benefits of allowing BYOD in organizations are convenient for both employees and organizations. Employees will feel more comfortable employing their personal devices and organizations will save resources that should be used to purchase of electronic equipment for their employees. However, the confidentiality, integrity and ability of the information are at risk because individuals will have access to it employing their personal devices. The challenge to organizations is to keep that information secure. While BYOD is a well-defined and accepted trend in several organizations, there is little documentation to address the information security risks posed by BYOD. The following research, in the form of an extensive literature review, has defined a comprehensive list of information security risks that are associated with allowing BYOD in the organizations. This list will be used to evaluate five BYOD policy documents from different organizations to determine how comprehensively BYOD information security risks are addressed. Based on this evaluation, it will be identified which BYOD information security risks have been acknowledged and addressed by these organizations.